IPv6 'certification' - Journal of Omnifarious

Nov. 20th, 2008

09:32 am - IPv6 'certification'

I had to jump through a couple of hoops to make this work.

First, I had to use Safari because Firefox uses SOCKS very, very stupidly. Firefox does the name lookups locally and demands SOCKS connect to an IP address, it doesn't just hand SOCKS a hostname, even though SOCKS5 allows this. Additionally, current versions of Firefox are very confused when trying to forward IPv6 connections through SOCKS at all.

Second, I had to restart my DNS server, lookup the AAAA record for ipv6.he.net and then set up a firewall restriction so that no DNS servers could be contacted. That step was required because openssh is stupid and if you try to forward through SOCKS to a server with both an IPv4 and an IPv6 address it will try to connect to the IPv4 address in preference to the IPv6 address. So I had to fool it into thinking the server only had an IPv6 address.

But, after I did that, everything else was a piece of CAKE. I already had everything set up. :-) Except, I can't get Sage level certification because that requires cooperation from my registrar to set up IPv6 glue records for my DNS server.

Comments:

You can set network.proxy.socks_remote_dns to true in about:config to fix the local name lookup problem. (Works for me in Iceweasel 2.0.0.11.) There are reports that Firefox still uses local DNS for some requests (XMLHttpRequest maybe?) even with that set, but I haven't noticed it happening even though I use a fair number of AJAX sites. I don't use any plugins, though, which may be why I don't see any problems.

HE Sage IPv6 Cert.

I managed to get to Sage level by registering a new domain in a TLD which supports DNS glue (.net in my case) and used a registrar which is IPv6 enabled in their web tools (Joker, no sending in emails to beg for glue, just used the web interface). I then had to ask the HE.net people to reset my status back to explorer so I could climb back up using my new domain.